Wayne Shumaker wrote on 2025-02-08 16:56:
At 2/6/2025 02:25 PM, Winston wrote:
Shorewall (and Shorewall6) has been fantastic to me, as a multi-ISP
user.
if that debian maintenance stops, one can still find older slackware that
still works, just remember to not keep using precompiled problems
Matt Darfeuille wrote on 2024-12-06 13:40:
On 12/5/24 17:39, justina colmena ~biz via Shorewall-users wrote:
Some confusion with initial setup of the latest version, but I
carefully copied the files "interfaces", "policy", "rules", and
"zones" from the "Universal" sample configuration into
"/
rcor...@edos.cl wrote on 2024-09-03 19:54:
how to put a rule for access a DNAT server from LAN?
thread same here
https://serverfault.com/questions/403626/how-to-dnat-to-different-local-ip-based-on-what-public-ip-was-accessed-with-shor
i try to search how without success
man 5 shorewall-na
Peter Thurner | Blunix GmbH via Shorewall-users wrote on 2024-02-28 17:49:
Hello shorewall users,
is there a way to ignore failing rules in shorewall, specifically if
/etc/shorewall/rules contains something like
ACCEPT local pub:this.domain.doesnt.exist.com tcp 443
iptables is not dns based
Hosney Osman wrote on 2024-02-26 16:41:
nice to know
would just be more friendly not have replied
maybe the replier uses ufw and did not know how to help with shorewall ?
try man shorewall.conf
or man shorewall-zones
its a start at least :)
We do not offer that kind of support.
Phil Stracchino wrote on 2023-06-07 17:25:
Seems like it shouldn't be an overly difficult challenge to write a
userspace tool that reads in a shorewall configuration and writes it
out, semantically unchanged, in foomuuri's syntax...? Hand adjustment
from there would of course be up to the end
hi all :)
https://bugs.gentoo.org/901503
shorewall is okay in track if implement what ufw do with icmp and
ipv6-icmp
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-use
On 2022-03-16 17:36, Tuomo Soini wrote:
FTP is dead - move to SFTP which uses ssh protocol.
gopher is dead as well, but i have a gopher server still working
i have no point :=)
On 2022-02-03 22:31, Brian J. Murrell wrote:
Is it really possible that Socket6::gethostbyname2 is not implemented
on a modern and recent distro such as Fedora?
yes
Any ideas?
reported to fedora maintainer ?, its not a shorewall bug
On 2021-12-31 14:52, Thomas wrote:
I'm running currently VyOS 1.1.8 on a PC Engines ALIX2D13, a 500MHz
single x86 CPU, 256MB memory board with i586 architecture.
This OS is based on Squeeze, and I cannot upgrade to a newer release.
Therefore I consider to switch to Shorewall running with Debian
On 2021-12-30 01:05, Damjan Hajsek wrote:
I tried DNAT and doesn't work
show your current config please
impossible ?, then i only can say order of lines is important
https://serverfault.com/questions/403626/how-to-dnat-to-different-local-ip-based-on-what-public-ip-was-accessed-with-shor
not
On 2021-12-01 12:44, Vieri Di Paola wrote:
I prefer to have your thoughts before trying anything.
emerge -aC arptables
emerge -a iptables eselect-iptables
then set the needed symlink with eselect
shorewall works in gentoo, there is no arptables-legacy in gentoo
portage
hope this works
On 2021-07-06 01:07, Nigel Aves wrote:
I've run into a strange issue, and it's only been happening over the
last couple of months.
But every now and then we lose the connection to Facebook (and very
very occasionally to Google) and no one can connect. But if I clear
the IPSETS then Facebook wil
On 2021-06-14 12:33, Zenny wrote:
9137:Jun 14 11:49:37 mail postfix/smtpd[14632]: NOQUEUE: reject: RCPT
from mail-lf1-f49.google.com[209.85.167.49]: 451 4.3.5
: Recipient address rejected: Server
configuration problem; from=
to= proto=ESMTP
helo=
postconf -nf
to get future help, but since thi
On 2021-06-14 09:44, Zenny wrote:
Outside is already loopback-only mode.
Did I miss something?
is there a mx i can check ? :=)
if not wanting to disclose it test from gmail
On 2021-06-14 08:04, Zenny wrote:
root@server2:~# netstat -lnp | grep :25
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      27946/master
Where did I miss the wagon?
https://shorewall.org/manpages/shorewall-rules.html see Examples rules
for DNAT
this must be added
On 2021-06-13 22:19, Zenny wrote:
I have disabled ipv6 and pve-firewall and ufw completely in the
proxmox host and the lxc guest respectively, fyi.
Any inputs to overcome this issue whining me for years shall be
appreciated!
is the outside postfix configured as backup mx or just another
mai
On 2020-12-20 00:09, bruban...@gmail.com wrote:
Perhaps using a VPN?
no
i only got it private mail here, is sf.net blocking gmail now ? :/
On 2020-12-10 23:58, Tom Eastep wrote:
On 12/10/20 6:02 AM, Benny Pedersen via Shorewall-users wrote:
If it is coming from a single address or sub-network, you can simply
blacklist the SOURCE. Otherwise, just add a DROP rule that silently
drops the traffic from net->fw:
DROPnet
Dec 9 18:15:50 localhost kernel: net-fw LOG IN=eth0 OUT=
MAC=f2:3c:92:3b:15:1e:50:87:89:40:a1:c1:08:00 SRC=10.224.98.88
DST=wan-ip LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=21571 PROTO=TCP SPT=52652
DPT=service-port WINDOW=0 RES=0x00 RST URGP=0
what am i missing in shorewall to stop it ?
wan-ip
Benny Pedersen via Shorewall-users wrote on 2017-12-06 04:15:
Authentication-Results: linode.junc.eu; dmarc=pass (p=none dis=none)
header.from=lists.sourceforge.net
Authentication-Results: linode.junc.eu;
dkim=pass (1024-bit key) header.d=lists.sourceforge.net
header.i
Thomas Deutschmann wrote on 2017-12-06 03:45:
What am I missing?
I don't think it matters, but the natted FTP server is a CentOS 7.x
with ProFTPd.
http://www.proftpd.org/docs/howto/NAT.html
You have to tell your ftp server which passive ports should be used.
You have to open (forward) all
KP.Kirchdoerfer wrote on 2017-07-11 17:18:
Is there an easy (aka shorewall) way to solve this issue?
provide shorewall version and iptable version could help us more to help
you :=)
i dont see this problem with gentoo here
---
Guilsson . wrote on 2017-02-21 02:07:
> Any clue how to get all these rules works like I need ?
dns is port 53
on top of that you miss tcp since dns is both udp and tcp
and for the enforce use my dns server, check shorewall config for how to
enforce squid proxy on lan
same rules apply for dn
Thomas Deutschmann wrote on 2017-02-17 15:45:
> Yes, I am here :)
>
> But I do not understand your problem. What's your problem with
> shorewall and shorewall6 both providing "firewall"?
problem is that default openrc have default rc.conf that here does not
start shorewall6
so it for me not s
Tom Eastep wrote on 2017-02-16 23:29:
> I sounds like it is Gentoo-specific, in which case I can't help you.
> We at shorewall.net do not release any Gentoo-specific init scripts or
> .service files.
hopefully gentoo ebuild maintainers still listen here ?
---
Tom Eastep wrote on 2017-02-16 23:23:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 02/16/2017 11:49 AM, Benny Pedersen wrote:
>> i have problem with this now in current stable shorewall on gentoo
>> where shorewall-init shorewall shorewall6 is in rc-upda
i have problem with this now in current stable shorewall on gentoo where
shorewall-init shorewall shorewall6 is in rc-update as documented
i noticed that shorewall and shorewall6 both provide firewall ?
should shorewall6 not provide firewall6 in init rc ?
help me understand why it does not work
On 2016-09-01 23:49, Tom Eastep wrote:
> iptables -a foo -m conntrack --ctstate ESTABLISHED -j ACCEPT
confirmed works
iptables is default not compiled with conntrack support on gentoo
On 2016-09-01 22:59, Tom Eastep wrote:
> After executing this command:
>
> iptables -N foo
>
> What output do these commands produce?
>
> iptables -A foo -m state --state ESTABLISHED -j ACCEPT
> iptables -a foo -m conntrack --cstate ESTABLISHED -j ACCEPT
on gentoo it says unk
On 2016-08-09 23:26, Thomas Deutschmann wrote:
> If you are experiencing problems please report! ;)
yes
https://bugs.gentoo.org/show_bug.cgi?id=590692
its solved that one for me, and yes no problems anymore
i hope shorewall still works :=)
On 2016-04-09 21:12, jaso...@mail-central.com wrote:
> I guess I'll have to look at it again if I want to use SW v5.
or join irc here https://en.opensuse.org/openSUSE:IRC_list
join the buildservice
On 2016-04-09 20:07, jaso...@mail-central.com wrote:
> I want to keep up to date with the 'Stable' Shorewall release.
https://build.opensuse.org/ ask build service to provide rpms, there
might be an maintainer that want to know there, else there is only one
option left to remove shorewall and ei
google autofwd freecode
fail2ban only supports ipv4, autofwd supports both ipv4/ipv6, and its more
simple
On 2016-02-21 23:50, Tom Eastep wrote:
> Add this to the ESTABLISHED section:
>
> DROP net $FW tcp 25 ;; -m string --algo bm --string 'ylmf-pc'
had to remove the single quotes
DROP net $FW tcp 25 ;; -m string --algo bm --string ylmf-pc
and iptables save shows it have " around botna
iptables -I INPUT -p tcp --dport 25 -m string --algo bm --string
'ylmf-pc' -j DROP
how to add that silly bot to shorewall rules ?
On 2016-02-09 01:19, Tom Eastep wrote:
> On 02/08/2016 10:28 AM, Benny Pedersen wrote:
>> On 2016-02-08 17:56, Tom Eastep wrote:
>>>> (slaac workaround)
>>> Same as it is in Shorewall (ipv4) - with an entry in
>>> /etc/shorewall6/masq:
>>> ::/0
On 2016-02-08 17:56, Tom Eastep wrote:
>> (slaac workaround)
>
> Same as it is in Shorewall (ipv4) - with an entry in
> /etc/shorewall6/masq:
>
> ::/0 your_ipv6_address tcp 43
thanks
ip6tables -A POSTROUTING -p tcp -m tcp --dport 43 -j SNAT --to-source
your_ipv6_address
how is this above done in shorewall ?
(slaac workaround)
On November 28, 2015 8:34:45 PM Jeff Sim wrote:
> having a policy of “fw net ACCEPT” I’m unable to make any outbound
> connections properly, unless I also add a corresponding rule.
$FW net ACCEPT
just today spotted this one
On August 5, 2015 2:49:25 PM Michael Johannes
wrote:
> http://kmschools.ir/
Thanks for your spam mail
On October 1, 2014 11:18:32 PM "Dik " wrote:
> So what does the error mean ?
> kernel: Can't find ip_set type hash:ip
> If I can't get help here I have no idea where to go.
>
The above error says ipset is missing in current running kernel
-
On August 14, 2014 2:24:34 AM cac...@quantum-sci.com wrote:
> ?if __FTP_HELPER
> CT:helper:ftp:PO--tcp21p.
> ?endif
21p ?
Are ftps running on port 21 ?
On 2014-02-08 00:16, Roberto C. Sánchez wrote:
> On Fri, Feb 07, 2014 at 11:06:35PM +, Donald S. Doyle wrote:
>> Is there a way to have Shorewall communicate with the listing services
>> (SORBS, Spamhaus, etc.)?
> Not directly. I would script the process of downloading the list,
> extracting
andre...@apf.it wrote on 2014-01-10 19:17:
> Where is my mistake?
missing options rotate in resolv.conf ?
unsure if its just that
why is your 127.0.0.1 not providing dns service ?
dont use global forwards on dns, this is stupid :)
Johannes Graumann wrote on 2013-10-27 13:54:
> I'm looking for a Raspberry equivalent with 2 integrated NICs (and no
> WLAN)
> up for the task and was wondering whether people here have
> recommendations
> what to use.
soekris.eu
if we need to be ot :)
-
Tom Eastep wrote on 2013-08-19 23:59:
> I use Squid3 on my 2-ISP gateway. I have added the following to
> squid.conf to be able to control which ISP is used by one of the
> clients:
>
> acl mac src 172.20.1.145/32 172.20.1.146/32
> tcp_outgoing_address 67.170.121.6 mac
>
> acl rest src 172.20.0.
Tom Eastep wrote on 2013-08-18 03:30:
>> in 4.5.18 there is a reference of /var/lock/subsys which does not
>> exist
>> default on gentoo, i just created these dirs and it runs as
>> intended
>
> How are you installing Shorewall?
via gentoo portage, is this really FHS compliant ?, if so its a
Tom Eastep wrote on 2013-08-18 00:13:
> Shorewall 4.5.20 RC 1 is now available for testing.
in 4.5.18 there is a reference of /var/lock/subsys which does not exist
default on gentoo, i just created these dirs and it runs as intended
-
Daniel Banck wrote on 2013-07-03 17:48:
> 4.4.26.1 is the version which ships with Ubuntu 12.04 LTS. I'll see
> if
> I can get a newer version.
make a bump version request on launchpad, or create updated deb files
self from tarball, dont just install tarball content, it will break
dependencies
-
cac...@quantum-sci.com wrote on 2013-05-05 23:35:
> But you are just a foolish Hater when you criticize and do not offer
> a solution.
well it would be my last help here so, i just commented on not mangle
ssl/tls with tor, if it worked you have not asked howto here
--
senders that put my emai
cac...@quantum-sci.com wrote on 2013-05-05 15:57:
> Anyone know how I would do this in Shorewall?
mangling ssl/tls is a stupid solution to tor problems, like realname is
not a email
--
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply
John Brendler wrote on 2013-02-28 00:39:
> By the way, dnsmasq is being modified to be able to populate ipsets
> based on name resolution. For example, you could allow or deny a set
> containing all addresses a given URL is actively resolved to.
is the same as rpz policy zone in bind ?
neat th
Spain, Dr. Jeffry A. wrote on 2013-02-23 19:38:
> I would be concerned a priori about ShoreWall server meltdown.
are you talking of resolve bgp route in another level of management ?
i use spamhaus drop here in a include / blacklist, but since it see few
hits on it, i think my isp is doing it i
Wilson A. Galafassi Jr. wrote on 2013-02-28 01:09:
> If i use shorewall restar the blocking works fine, but If I use
> shorewall
> refresh doesn't but the rule appear using iptables -L
yes as you see a restart is needed to reconfigure iptables rules, if
you want to have dynamic blacklist then u
Wilson A. Galafassi Jr. wrote on 2013-02-27 22:04:
> I figure how to do this using the rules file:
http://www.shorewall.net/manpages/shorewall-blrules.html
Wilson A. Galafassi Jr. wrote on 2013-02-27 19:59:
> 10.1.106tcp 443 whitelist
> INCLUDE /etc/shorewall/https (my blacklist)
>
> How to exclude the internal ip and firewall ip from that blacklist?
change it to use blrules file, start with the whitelist on the top of
the fi
Fred Maillou wrote on 2013-01-07 17:10:
> Are there general guidelines around on how to configure Shorewall
> for use with SIP phones ? Especially regarding (some?) Cisco SIP
> phones which are expecting a reply at port 5060 while sending from an
> arbitrary high port.
for sip protocol to work th
I.S.C. William wrote on 13-12-2012 23:32:
> Since I can not block it and want to see if this works. or if you
> know of any other way to block it.
you want to block destination hostname from lan clients ?
if so bind rpz zone will be better
--
I.S.C. William wrote on 13-12-2012 23:30:
> 2012/12/13 Tom Eastep
>
>> DON'T DO IT!
>
> and why? could you give me an explanation of why it should not?
use blrules with a whitelist if you like to see log prepost it with a
comment "logentry" before whitelist
but if its just to see logs, its sil
Aaron C. de Bruyn wrote on 26-11-2012 20:14:
> Thanks Tom--that's exactly what I'm looking for.
sure ? man shorewall-blrules, see whitelist
Tom Eastep wrote on 26-11-2012 20:05:
>> #/etc/shorewall/rules
>> SSH(ACCEPT) wan:trusted dmz tcp 22
>> Am I missing something in the docs?
> ipsets?
blrules with whitelist entry ?
On 2012-08-27 16:22, Tom Eastep wrote:
> the blrules file. This can be worked around by placing an empty
> COMMENT
> line at the end of blrules.
rules in shorewall rules gets comment from blrules here
thanks for the workaround, but why is this happened ?
in 4.5.6.2, so if blrules are used, rules comment is not working
if blrules is not used, then rules comment works
dont know if its solved, but this is the latest shorewall i have on
gentoo
--
Benny Pedersen
On 2012-08-21 00:47, Tom Eastep wrote:
>> Shorewall (2 interface)
>> Dansguardian
>> Squid
delay_pools
each pool have its own bandwidth limit, but its limited to only
protocols that squid supports
On 2012-08-02 17:10, Øyvind Lode - Forums wrote:
> MAC 00:19:cb:c2:20:e7 with IP 192.168.1.5 = my wireless AP (ZyXEL
> NWA1100)
will an firmware update not do ?
> I'm in the market for a new AP hehe
will not help if there firmware still not working
just keep it linux where shorewall hopefull
On 2012-08-02 10:19, Øyvind Lode - Forums wrote:
> I hope you guys understand the above output.
> Because I don't fully understand :)
it means that 192.168.1.5 host missing route for 127.0.0.0/8
if that is missing it will get routed to 192.168.1.1, where there is no
way back since 127.0.0.1 is
On 2012-08-01 01:28, Øyvind Lode - Forums wrote:
> 192.168.1.5 = Wireless Access Point.
>
> The AP receives it's IP via a static lease from isc-dhcp-server
> running on the firewall box.
are there any route with default via ?, if so remove this and make
explicit network routes
default via is o
On 2012-08-01 02:55, Tom Eastep wrote:
> No -- and I'm unlikely to add such support, given how expensive a
> call to
> geoip is.
if xtables addons will not work with kernel 3.5+ i will not use it :)
i meant to translate http://www.maxmind.com/app/csv into shorewall
blacklist include files in p
On 2012-07-31 23:40, Tom Eastep wrote:
> Shorewall supports the iptables CT target now (see
> shorewall-notrack(5)); the problem is that when the deprecated mode
> is
> turned off, everyone who uses helpers (which is almost 100% of the
> Shorewall user base) will have to change their configuratio
On 2012-07-31 22:52, Tom Eastep wrote:
>> Jul 31 05:12:13 home kernel: nf_conntrack: automatic helper
>> assignment
>> is deprecated and it will be removed soon. Use the iptables CT
>> target to
>> attach helpers instead.
>> is shorewall ready ?
> No
i see soon, so old shorewalls still work
target to
attach helpers instead.
is shorewall ready ?
--
Benny Pedersen
On 2012-07-27 14:34, Emiliano Vazquez wrote:
> I only ask for make a redirect port to another PC like "Squid
> (transparent) Running in the DMZ"
> http://www.shorewall.net/Shorewall_Squid_Usage.html
try the tproxy with port 443 ?
or squid with direct https ?
if tproxy and port 443 works add th
On 2012-07-27 02:32, Emiliano Vazquez wrote:
> What i do?
nothing, since there is no problem imho :)
but if one like to try, do your squid server have your own ssl cert
that is not selfsigned ?
if so good :)
but since users try other ssl certs on diff homepages, then it breaks,
so one reall
any howto for this ?
will shorewall-lite with ssh work if the hardware router have ssh login
?
just imho ssh commands is not iptables at all :(
even the router is linux kernels, any google hints ?
--
Benny Pedersen
On 2012-03-18 02:04, Mark wrote:
> list having alternative (and probably better) ways to use both
> fail2ban
> and shorewall?
action.d/shorewall
does shorewall allow/drop ip
just got tired of fail2ban and made permanent blacklist for the most
abusive ips, using spamhaus drop as blacklist he
On 2012-02-14 05:14, Tyler Johnson wrote:
> Several people I work with are objecting to using shorewall-lite on
> the
> grounds that it requires "PermitRootLogin yes" in the client's sshd
> config.
uh :-)
> Is there a good way to work around this requirement? I assume sudo is
> the answer, bu
On 2012-02-11 14:42, Tom Eastep wrote:
> FTP/DNAT net loc:192.168.9.10
so its now restricted to 1 to 1 port mapping ?
wan port must now be lan port as well ?
which version of webmin does work with shorewall when changes is happened
randomly, any webmin works with postfix since changes i
On 2012-02-11 13:27, Lists wrote:
> FTP(DNAT) net loc:192.168.9.10
DNAT net loc:192.168.9.10:21 tcp 21
> I can't see what I am doing wrong? Thanks! :-)
stop sending html to maillists :=)
On Mon, 23 Jan 2012 21:39:37 -0800, Tom Eastep wrote:
> And within that segment they are very easily discovered.
will drop the maclist so, openvpn replacement better ?
On Sun, 22 Jan 2012 07:00:30 -0800, Tom Eastep wrote:
> I took a look at the dump this morning and there doesn't seem to be
> anything incorrect with the the Shorewall-generated ruleset. So
> assuming
> that you only want to accept connections from the router with MAC
> address 1C:4B:D6:2D:80:B3,
On Sat, 21 Jan 2012 07:25:47 -0800, Tom Eastep wrote:
>>> maclist not working, have no other problems, ipt_mac does not exists
>>> in
>>> kernel 3.2.x
>
> But xt_mac does.
dump is sent, had to wait until rush hour was gone
-
On Sat, 21 Jan 2012 05:08:19 -0800, Tom Eastep wrote:
> What exact problem are you seeing?
maclist not working, have no other problems, ipt_mac does not exists in
kernel 3.2.x
shorewall make a total blocking of all ports when maclist is in use in
the interface
would be nice to know if its just
how to make this work, its seem to me that netfilter is changed more or
less someplaces that shorewall do not support, using 4.4.27 shorewall
and shorewall6
suggestion welcomed
On Sun, 27 Nov 2011 20:18:45 -0800, Tom Eastep wrote:
> And if that doesn't show you anything, then 'shorewall show
> blacklist'
> and look for rules with a non-zero packet/byte count.
shorewall show blacklst
On Mon, 19 Sep 2011 04:41:44 +0200, m...@smtp.fakessh.eu wrote:
> On Monday 19 September 2011 04:05, m...@smtp.fakessh.eu wrote:
>> hello shorewall list
>>
>> how to include this rule
>> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP
>>
>> in shorewall config
>>
>> all testimonials
On Mon, 19 Sep 2011 04:05:26 +0200, m...@smtp.fakessh.eu wrote:
> hello shorewall list
>
> how to include this rule
> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP
>
> in shorewall config
>
> all testimonials are welcome
add tcpflags to the interface eth0 in interface (file) should
On Wed, 3 Aug 2011 10:42:09 -0400, Jamie Begin wrote:
> I'm using Shorewall with a load-balanced multi-ISP config along with
> LSM
> for failover. It's working great, except for DNS requests. I'd
> appreciate some advice on how to best configure this.
if you run bind you will get most performance w
On Thu, 28 Jul 2011 20:58:13 -0700, Ryan Joiner wrote:
just a note that thunderbird makes multiple reference headers :/
try update to 5.x
this bug breaks threaded folder lists
errors is shown in perl 5.12.2
REQUIRE_INTERFACE and RFC1918_STRICT
if not noticed or solved
--
xpoint
On Sat 03 Jul 2010 02:21:32 CEST, Oliver Schmidt wrote
> We need this function very urgent, as we want to blacklist and redirect
> our users to a blocking page if they hit an entry on the blacklist.
squid with squidguard, and configure auth in squid, then squidguard
will follow
if thats okay i
On Sat 22 May 2010 06:19:43 PM CEST, sangprabv wrote
> And Shorewall can manage all of those ethernet cards traffics.
> Many thanks.
provide more info then shorewall will do more for you
eg: ifconfig, or even ip addr show, ip route show
if you have 8 nics already setup, then you find more help h
On Wed 19 May 2010 17:09:25 CEST, Tom Eastep wrote
> Add an entry for the network in /etc/shorewall/route_rules.
solved with a mod of example 2:
#eth1 - Comcast 1000
-80.160.0.0/13 myisp1 1000
-xx.xxx.0.0/15 myisp2 1000
tcptraceroute shows it works for me, and route from outside is still
On Wed 19 May 2010 04:51:42 CEST, Tom Eastep wrote
> 4 days without a post -- I'm suffering Shorewall Support Withdrawal :-)
not, i need more help, when shorewall is in multiisp setup can it then
add default route for the specific isp ?
example:
whois 80.166.0.0
% Information related to '80.
On Fri 27 Nov 2009 23:38:36 CET, Tom Eastep wrote
>> This turned out to be a kernel config issue. "IP: equal cost multipath"
>> (CONFIG_IP_ROUTE_MULTIPATH) must be enabled in order for equal cost
>> routes to be added to the routing table.
> Yet one more example of why I avoid gentoo...
no softwar
On Thu, July 23, 2009 21:26, Tom Eastep wrote:
> Getting pretty lonely here... :-)
silence is golden as long there is tour de france :)
--
xpoint
On Sun, July 12, 2009 16:23, Tom Eastep wrote:
> Beta 4 is now ready for testing.
marco.Git macro.GIT seems equal
lead me to my question, is macro case sensitive ?
--
xpoint
On Thu, July 9, 2009 00:24, Tom Eastep wrote:
> João Alberto Kuchnier wrote:
>> Hi! Just for you to know, there is a software named socat (you can find
>> inside ubuntu repositories) that works with this type of connection I
>> mentioned.
> Thanks for the update, João.
is this not just multiisp s